suhosin-patch is provided as modified one; only copyright year.
PHP 5.3.9 Released!
[10-Jan-2012] The PHP development team would like to announce the immediate
availability of PHP 5.3.9. This release focuses on improving the stability of
the PHP 5.3.x branch with over 90 bug fixes, some of which are security
related.
Security Enhancements and Fixes in PHP 5.3.9:
* Added max_input_vars directive to prevent attacks based on hash
collisions. (CVE-2011-4885)
* Fixed bug #60150 (Integer overflow during the parsing of invalid
exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
* Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd
argument to is_a and is_subclass_of).
* Fixed bug #55609 (mysqlnd cannot be built shared)
* Many changes to the FPM SAPI module
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
New in version 1.0.55
* enhancements to building SBCL using make.sh:
+ --fancy can be specified to enable all supported feature
enhancements.
+ --with-<feature> and --without-<feature> can be used to
specify which features to build with.
+ --arch option can be used to specify the architecture to
build for. (Mainly useful for building 32-bit SBCL's on
x86-64 hosts, not full-blows cross-compilation.)
* enhancement: extended package prefix syntax
<pkgname>::<form-in-package> which allows specifying name
of the default interning package for the whole form.
* enhancement: when *READ-EVAL* is true, arrays with element
type other than T can be printed readably using #.-based
syntax. (Thanks to Robert Brown)
* enhancement: MAKE-ALIEN signals a storage-condition instead
of returning a null alien when malloc() fails. (#891268)
* enhancement: SB-EXT:PRINT-UNREADABLY restart for
PRINT-NOT-READABLE conditions can be conveniently accessed
through function with the same name, analogously to CONTINUE.
* enhancement: SB-EXT:*SUPPRESS-PRINT-ERRORS* can be used to
suppress errors from the printer by type, causing an error
marker to be printed instead. (Thanks to Attila Lendvai)
* enhancement: BACKTRACE and DESCRIBE now bind *PRINT-CIRCLE*
to T, and generally behave better when errors occur during
printing.
* enhancement: the test runner now takes a --report-skipped-tests
argument to report the individual tests skipped as well as the
number of skipped tests.
* enhancement: undefined functions now appear in backtraces as
("undefined function") instead of ("bogus stack frame") on
x86oids.
* enhancement: detected deadlocks no longer cause stderr to be
spammed, and deadlock errors are reported in an easier-to-decipher
manner.
* enhancement: DESCRIBE on type designators reports the
expansion in more cases.
* enhancement: SBCL now provides either an explicit :BIG-ENDIAN
or :LITTLE-ENDIAN in *FEATURES*, instead of :BIG-ENDIAN being
implied by lack of the :LITTLE-ENDIAN feature. (Thanks to
Luis Oliveira, #901661)
* enhancement: better disassembly of segment-prefixes on x86
and other instruction prefixes (e.g. LOCK) on x86 and x86-64.
* optimization: FIND and POSITION on bit-vectors are orders of
magnitude faster (assuming KEY and TEST are not used, or are
sufficiently trivial.)
* optimization: SUBSEQ on vectors of unknown element type is
substantially faster. (#902537)
* optimization: specialized arrays with non-zero :INITIAL-ELEMENT
can be stack-allocated. (#902351)
* optimization: the compiler is smarter about representation
selection for floating point constants used in full calls.
* optimization: the compiler no longer refuses to coerce large
fixnums to single floats inline, except on x86 where this
limitation is still necessary.
* bug fix: deadlock detection could report the same deadlock
twice, for two different threads. Now a single deadlock is
reported exactly once.
* bug fix: interval-arithmetic division during type derivation
did not account for signed zeros.
* bug fix: compiler error when typechecking a call to a
function with non-constant keyword arguments.
* bug fix: misoptimization of TRUNCATE causing erratic behaviour.
* bug fix: condition slot accessors no longer cause undefined
function style-warnings when used in the :REPORT clause of
the DEFINE-CONDITION form that defines them. (#896379)
* bug fix: DEFGENERIC warns about unsupported declarations, as
specified by ANSI. (#894202)
* bug fix: SUBTYPEP tests involving forward-referenced classes
no longer bogusly report NIL, T.
* bug fix: bogus style-warnings for DEFMETHOD forms that both
declared some required arguments ignored and performed
assignments to others. (#898331)
* bug fix: *EVALUATOR-MODE* :COMPILE treated (LET () ...)
identically to (LOCALLY ...) leading to internally
inconsistent toplevel-formness.
* bug fix: non-toplevel DEFSTRUCT signaled a style warning for
unknown type.
* bug fix: redefining a function whose previous definition
contained an unknown type no longer causes a style-warning. (#806243)
* bug fix: undefined functions now appear in backtraces as
("undefined function") instead of ("bogus stack frame") on non-x86oids.
* bug fix: backtraces are no longer cut off at ("undefined
function") when called under certain circumstances (involving a
caller-allocated stack frame) on PPC.
* bug fix: RUN-PROGRAM leaked a file-descriptor per call on
non-Windows systems. (regression since 1.0.53)
* bug fix: GC deadlocks from dladdr() on certain platforms.
* bug fix: broken standard streams no longer automatically
cause recursive errors on debugger entry.
* bug fix: build ignored --dynamic-space-size=<size> argument
to make.sh (regression since 1.0.53)
* bug fix: attempts to stack allocate a required argument to a
function with an external entry point caused compiler-errors.
* bug fix: compiler notes for failed stack allocation for a
function argument no longer claim to be unable to stack
allocate the function.
* bug fix: COERCE now signals a type-error on several
coercions to subtypes of CHARACTER that are forbidden
according to ANSI. (#841312)
* bug fix: missing failure-to-stack-allocate compiler notes
for some forms of MAKE-ARRAY with dynamic-extent. (#902351)
* bug fix: some of the compile-time side-effects of DEFCLASS
were not caught by package locks.
Previously the Ada testsuite was given unlimited stack resources for the
x86_64 arch on NetBSD. Since all platforms now need unlimited stack
resources to build gnat-aux due to the addition of <platform>-stdint.h
header, this platform specific restriction on the Ada testsuite was
removed.
Unfortunately that resulted in a new stack test failure on i386 NetBSD
platforms (gnat.dg/task_stack_align.adb execution test), so the original
restriction seen in gnat-aux-20110627 was restored. Now i386 NetBSD
once again pass all gnat.dg tests. This is strictly a testsuite issue
so no PKGREVISION bump is necessary.
Obvious additions:
1) Upgrades sync from gcc 4.6.1-RELEASE to gcc 4.6.2-RELEASE
2) New capability of building Fortran
3) New capability of building Objective-C
4) Building of all 5 languages (Ada,C,C++,ObjC,Fortran) now default
5) Fortran testsuite added
6) ObjC testsuite added
Behind the scenes:
1) Previously GNAT-Aux was built from a custom-built tarball. Now real
real gcc source files are used instead, but heavily patched.
2) The standard patch mechanism is not used. Composite diff files are
generated by dragonlace.net and they are applied as needed, and
are located in the "files" directory
3) This might be the only gcc that doesn't use the monolithic source tar
ball. Depending on the options selected, the makefile updates its
distfile list and only downloads what it needs, including testsuite
files and dejagnu support.
4) All platforms are now built with unlimited stacksize command due to
new issues with <platform>-stdint.h functionality.
5) All platforms use unlimited stacksize for Ada testing. Before it was
limited to NetBSD x86_64. This may have introduced a failure on
NetBSD i386 though. There were no other impacts according to the
Ada testsuite results.
6) The PLIST automatic generation was significantly simplified, resulting
in some variable deletion.
7) libstdc++ can't break testing now (forced to evaluate to true)
8) Unnecessary depends and USE_TOOLS removed
9) The includes-fixed directory is now removed from all platforms, arches
now rather than problematic ones. It seems that it can only make no
difference or cause problems, so no reason to keep it around.
A) Unnecessary do-config phase "touches" removed.
B) Several fixes added to diff patches to improve testsuite results on
c, c++, and fortran for all platforms.
(Old versions do not resolve.) Also, add pointer (in comment) to
debianized version on github.
(no actual changes to the package; update to 0.11 is due but probably hard)
2. Use MMFLAGS instead of MFLAGS as the compiler flags make variable.
The latter interacts somewhat poorly with make's own usage of the same
identifier. Do this by SUBST at post-extract time so nothing ever sees
the original form, and adjust patches to match.
Does not build (it cannot parse NetBSD's stdlib.h) but no longer
explodes randomly.
It contains security fix for CVE-2011-4815 (DoS).
Wed Dec 28 21:34:23 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* string.c (rb_str_hash): randomize hash to avoid algorithmic
complexity attacks. CVE-2011-4815
* st.c (strhash): ditto.
* string.c (Init_String): initialization of hash_seed to be at the
beginning of the process.
* st.c (Init_st): ditto.
Thu Dec 8 11:57:04 2011 Tanaka Akira <akr@fsij.org>
* inits.c (rb_call_inits): call Init_RandomSeed at first.
* random.c (seed_initialized): defined.
(fill_random_seed): extracted from random_seed.
(make_seed_value): extracted from random_seed.
(rb_f_rand): initialize random seed at first.
(initial_seed): defined.
(Init_RandomSeed): defined.
(Init_RandomSeed2): defined.
(rb_reset_random_seed): defined.
(Init_Random): call Init_RandomSeed2.
Sat Dec 10 20:44:23 2011 Tanaka Akira <akr@fsij.org>
* lib/securerandom.rb: call OpenSSL::Random.seed at the
SecureRandom.random_bytes call.
insert separators for array join.
patch by Masahiro Tomita. [ruby-dev:44270]
Mon Oct 17 04:20:22 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
* mkconfig.rb: fix for continued lines. based on a patch from
Marcus Rueckert <darix AT opensu.se> at [ruby-core:20420].
Mon Oct 17 04:19:39 2011 Yukihiro Matsumoto <matz@ruby-lang.org>
* numeric.c (flo_cmp): Infinity is greater than any bignum
number. [ruby-dev:38672]
* bignum.c (rb_big_cmp): ditto.
Mon Oct 17 03:56:12 2011 Yusuke Endoh <mame@tsg.ne.jp>
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): initialize
store->ex_data.sk. [ruby-core:28907] [ruby-core:23971]
[ruby-core:18121]
- explain why we need post-extract chmods
- sort PLIST
- add patch comments
- clean up some pkglint
- fix a symbol name conflict with logf (from math.h + a gcc builtin)
- fix some other bugs/issues found by gcc
- add standard headers
- remove some bogus BSD/System V include probing
- probably fix gcc 4.5 build (not fully tested)
- bump PKGREVISION
The schema48 configure schema has a pthreads test that can't be overridden.
The problem is that it starts with -mt, and it thinks the test passes when
in reality gcc complains. This commit does a post-patch inline replacement
on the configure script to override the test, and to add -pthread to both
$CFLAGS and $LDFLAGS.
http://www.cs.arizona.edu/sr/impl.html:
"SR does not run on 64-bit X86/AMD64 Linux".
Indeed, the arch.h file has no provision for the x86_64 architecture.
NetBSD x86_64 gets past the trap because it patched the arch.h file to
alway define the arch. Configuring on DragonFly64 illustrates the arch
is unsupported.
Drop ${PHP_BASE_VARS} from PKGVERSION by default.
It used to be required to support multiple php version.
But after PHP version based ${PHP_PKG_PREFIX} was introduced,
such trick is not required anymore.
In addition to this, such version name schme invokes unwanted version bump
when base php version is bumped, plus, such version scheme is hard to
use for DEPENDS pattern.
To avoid downgrading of package using such legacy version scheme,
PECL_LEGACY_VERSION_SCHEME is introduced.
If it is defined, current version scheme is still used for currently
supported PHP version (5 and 53), but instead of ${PHP_BASE_VARS},
current fixed PHP base version in pkgsrc is used to avoid unwanted version bump
from update of PHP base package.
With newer PHP (54, or so on), new version scheme will be used if
it is defined.
This trick will not be required and should be removed after php5 and php53 will
be gone away from pkgsrc.
DragonFly doesn't have the ossaudio library, so it won't build the oss
plugin. The PLIST was adjusted accordingly. Pkglint hated the Makefile
so it was cleaned up and a license entry (2-clause-bsd) was added.
It doesn't build on i386. When gcconfig.h is modified to recognize x86_64
platform, it breaks in the Boehm garbage collector. This is alpha-grade
software from GNU that hasn't had a release in over 4.5 years. Frankly, I
don't know how this abandoned project deserves a spot in pkgsrc.
For a reason I don't understand, the WRKDIR "work" directory ends up with
file permissions of 777 and unknown user/group ownership. To make
PKG_DEVELOPER=yes happy, changing the dir permission is enough.
=== 3.12 / 2011-12-15
* Minor enhancements
* Added DEVELOPERS document which contains an overview of how RDoc works and
how to add new features to RDoc.
* Improved title for HTML output to include <code>--title</code> in the
title element.
* <code>rdoc --pipe</code> now understands <code>--markup</code>.
* RDoc now supports irc-scheme hyperlinks. Issue #83 by trans.
* Bug fixes
* Fix title on HTML output for pages.
* Fixed parsing of non-indented HEREDOC.
* Fixed parsing of <code>%w[]</code> and other % literals. Issue #84 by
Erik Hollensbe
* Fixed arrow replacement in HTML output munging the spaceship operator.
Issue #85 by eclectic923.
* Verbatim sections with ERB that match the ruby code whitelist are no
longer syntax-highlighted. Issue #86 by eclectic923
* Line endings on windows are normalized immediately after reading with
binmode. Issue #87 by Usa Nakamura
* RDoc better understands directives for comments. Comment directives can
now be found anywhere in multi-line comments. Issue #90 by Ryan Davis
* Tidy links to methods show the label again. Issue #88 by Simon Chiang
* RDoc::Parser::C can now find comments directly above
+rb_define_class_under+. Issue #89 by Enrico
* In rdoc, backspace and ansi formatters, labels and notes without bodies
are now shown.
* In rdoc, backspace and ansi formatters, whitespace between label or note
and the colon is now stripped.
